I spoke to a business owner last week whose business had been hit with ransomware.
When the ransomware was discovered, everything was shut down, and his business basically screeched to a halt – even the office phones were taken offline.
It was nerve-wracking, he said. For a day, all he and his team could do was twiddle their thumbs and hope that their systems had been backed up correctly.
Fortunately, they had been. The company had put a disaster recovery plan in place, and, with the help of their IT support, they were able to get things back up and running within a couple of days before too much damage was done.
Most of their clients didn’t even notice anything had happened, and today, the company is back to business as usual.
That’s the value of an IT disaster recovery plan. When you have a plan in place, you can greatly reduce the risk you face from disasters – and not just from ransomware, but also from other crises like fires, floods, or even user error. You can drastically minimize any potential damages because you give your business the capability to get back online quickly.
So, the next question is, how can your business create an effective plan?
We’re here to help. At ATB, we help St. Louis organizations to implement strong disaster recovery plans as part of our IT support services. Based on our two-plus decades of expertise, here’s what we’ve found.
An IT disaster recovery plan can be boiled down to five major components:
1. Audit your needs and your risks.
The first step of nearly any good plan is to evaluate what will be needed. In this case, you’ll want to audit both your organization’s needs and your risks.
In terms of needs, there are two key pieces to review: 1) what you’ll need to back up to make disaster recovery possible, and 2) how fast you’ll need to be able to access it.
In terms of risks, you’ll want to assess how likely it is that a disaster affects a system and what the loss would be if a system was to go down.
Answering these questions will allow your organization to set recovery time objectives (RTOs). RTOs define how long a system can be down without causing significant damage to an organization – in other words, how long a system has to go from loss to recovery.
2. Identify data storage solutions.
The previous step in your disaster recovery plan should help to outline the technical specifications that your solution will require. The second step will be to select solutions that meet your technical requirements.
There are a variety of data storage and recovery systems on the market, with differing price points, storage capacities, and other features.
Some of these include:
And that’s just a small sampling of what’s available. You’ll want to do your due diligence as you evaluate the platforms. Most vendors offer scalable options, and regardless of which you choose, it’s key that you have the ability to store all of the data you need and to access it quickly.
3. Define roles and processes in the event of a disaster.
The processes and people that facilitate disaster recovery are just as important as the technical pieces of the solution. The business owner I spoke to had had a great technical plan in place, but without the support of his IT team, he would have struggled to access his data and restore his business’s systems.
Defining roles is vital to a quick disaster response.
Accordingly, your disaster recovery plan should identify the action steps that will be taken and the person who will be responsible for each component of your response. You should answer questions like:
- When will the plan begin?
- What steps will be taken in the event of different types of disasters?
- Who will be responsible for different steps?
- What systems will be prioritized and in what order will systems be restored?
- When will the plan end?
- How will the plan be tested and updated?
At a minimum, you should designate someone to be the crisis management coordinator or administrator. This person will be responsible for initiating the recovery plan, coordinating work, and communicating with the team throughout the process of recovery.
4. Implement the disaster recovery solution.
Once the components above are completed, it’s time to implement your disaster recovery plan. This involves deploying the technical solution (purchasing and integrating the storage) and confirming your documentation of processes and roles.
5. Test and optimize.
Testing is arguably part of disaster recovery implementation, but we’ve broken it out because a) it’s important, and b) it shouldn’t be done once during implementation and then neglected – it should be performed regularly.
You need to know your plan will work, and you need to keep it updated and optimized. So, you need to test it.
This will involve running your organization through hypothetical or simulated disaster scenarios and actually carrying out your plan. As you do so, you’ll evaluate the obstacles you face, any hypothetical costs to your organization, and whether you were able to hit RTOs.
If there are any issues in your recovery, you’ll fix them and incorporate your insights into your plan going forward.
Ready to create an IT disaster recovery plan?
Hopefully, your business doesn’t get hit with ransomware any time soon. Still – it’s best to be prepared.
The five steps above will give you a good start, but if you’d like to ensure that your business has an effective plan in place, it’s usually helpful to work with consultants.
Disaster recovery consultants can help you to audit your systems so that you know what your requirements are and what your goals should be. They can also help you to select the right technical solutions, then implement, test, and optimize them so that they’re working the way you need them to be. Finally, they can help you to design processes that ensure your organization’s response to a disaster is efficient.
At ATB Technologies, we’ve been helping St. Louis businesses to implement disaster recovery solutions for over two decades.
Schedule a free consultation with one of our experts, and we can review your risk factors and start to spec out a disaster recovery solution that will give you peace of mind and keep your business safe.